CVE-2026-29121
Published: 05 March 2026
Summary
CVE-2026-29121 is a high-severity Improper Privilege Management (CWE-269) vulnerability in Datacast Sfx2100 Firmware. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Setuid and Setgid (T1548.001). The CVE ranks at the 6.9th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and CM-6 (Configuration Settings).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Enforces the principle of least privilege, directly preventing local users from gaining unnecessary elevated privileges via setuid binaries like /sbin/ip.
Mandates secure configuration settings that prohibit unnecessary setuid bits on utilities such as /sbin/ip, addressing the root misconfiguration.
Restricts the system to least functionality by disabling non-essential privileged capabilities like setuid on network utilities, mitigating exploitation paths.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Direct setuid misconfiguration on /sbin/ip enables T1548.001 (Setuid and Setgid) abuse via GTFOBins for root escalation; the underlying improper privilege management weakness is exploited for privilege escalation per T1068.
NVD Description
International Data Casting (IDC) SFX2100 satellite receiver comes with the `/sbin/ip` utility installed with the setuid bit set. This configuration grants elevated privileges to any local user who can execute the binary. A local actor is able to use the GTFOBins resource to perform privileged file reads as the root user on the local file system and may potentially lead to other avenues for performing privileged actions.
Deeper analysis
CVE-2026-29121 is an improper privilege management vulnerability (CWE-269) in the International Data Casting (IDC) SFX2100 satellite receiver. The issue arises because the `/sbin/ip` utility is installed with the setuid bit set, allowing any local user who executes the binary to gain elevated privileges. The CVE was published on 2026-03-05 with a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
A local attacker with low privileges (PR:L) can exploit this vulnerability by leveraging GTFOBins techniques for the `ip` utility, enabling privileged file reads as the root user on the local file system. This access may also open pathways to additional privileged actions, resulting in high impacts to confidentiality, integrity, and availability.
Advisories referenced in the CVE include GTFOBins documentation at https://gtfobins.org/gtfobins/ip/ detailing exploitation methods and a blog post on SFX2100 vulnerabilities at https://www.abdulmhsblog.com/posts/sfx2100-vulns/. No specific patches or mitigations are detailed in the CVE description.
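The AC-6 and CM-6 controls above translate into a check that no binary carries setuid or setgid unless it is expected to. The following is an added example, not code from the CVE, the vendor, or the referenced blog post: it audits a live filesystem or an extracted firmware rootfs for such files. The allowlist and the sample tree are assumptions constructed for illustration.

```python
import os
import stat
import tempfile

# Assumed allowlist (hypothetical): paths, relative to the audited root, that
# are expected to carry setuid/setgid. sbin/ip is deliberately not on it.
ALLOWED = {"bin/su", "usr/bin/passwd"}

def audit_setid(root, allowed=ALLOWED):
    """Return findings for regular files under root that have setuid/setgid
    set and are not on the allowlist."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: never follow symlinks out of the tree
            if not stat.S_ISREG(st.st_mode):
                continue
            bits = [label for flag, label in
                    ((stat.S_ISUID, "setuid"), (stat.S_ISGID, "setgid"))
                    if st.st_mode & flag]
            rel = os.path.relpath(path, root)
            if bits and rel not in allowed:
                findings.append({
                    "path": "/" + rel,
                    "mode": oct(stat.S_IMODE(st.st_mode)),
                    "owner_uid": st.st_uid,  # setuid runs as this uid
                    "bits": bits,
                })
    return sorted(findings, key=lambda f: f["path"])

def build_sample_rootfs(root):
    """Constructed sample tree; sbin/ip mirrors the misconfiguration in the CVE."""
    for rel, mode in (("sbin/ip", 0o4755), ("bin/su", 0o4755), ("bin/ls", 0o755)):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"placeholder")  # not a real binary
        os.chmod(path, mode)  # chmod after writing: a write can clear setuid

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_rootfs(tmp)
        for f in audit_setid(tmp):
            print(f"{f['path']} mode={f['mode']} uid={f['owner_uid']} "
                  f"{'+'.join(f['bits'])}")
```

Pointed at `/` on a device or at an unpacked firmware image, any finding for `/sbin/ip` owned by uid 0 corresponds to the configuration this CVE describes.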
Details
- CWE(s)